d/changelog: Update some MOZ-* entries with assigned CVEs

debian/changelog

@@ -17,7 +17,7 @@ thunderbird (1:91.4.0-1) unstable; urgency=medium
     CVE-2021-43546: Cursor spoofing could overlay user interface when native
                     cursor is zoomed
     CVE-2021-43528: JavaScript unexpectedly enabled for the composition area
-    MOZ-2021-0009: Memory safety bugs fixed in Thunderbird 91.4.0
+    CVE-2021-4129: Memory safety bugs fixed in Thunderbird 91.4.0
   * [afd7750] d/t.lintian-overrides: Update entries due renamed tags
     Some Lintan tags were renamed, thus requires am adjustment of the existing
     overrides.
@@ -48,13 +48,12 @@ thunderbird (1:91.3.0-1) unstable; urgency=medium
                     mode without notification or warning
     CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass
                     the Same-Origin-Policy on services hosted on other ports
-    MOZ-2021-0008: Use-after-free in HTTP2 Session object (no CVE assigned yet)
+    CVE-2021-43535: Use-after-free in HTTP2 Session object
     CVE-2021-38508: Permission Prompt could be overlaid, resulting in user
                     confusion and potential spoofing
     CVE-2021-38509: Javascript alert box could have been spoofed onto an
                     arbitrary domain
-    MOZ-2021-0007: Memory safety bugs fixed in Thunderbird ESR 91.3 (no CVE
-                   assigned yet)
+    CVE-2021-43534: Memory safety bugs fixed in Thunderbird ESR 91.3
 
  -- Carsten Schoenert <c.schoenert@t-online.de>  Wed, 03 Nov 2021 18:14:09 +0100